CVE-2024-35240

Stored Cross-site Scripting on Print Functionality in Umbraco Commerce

CVSS 5.4 MEDIUMEPSS 0.3%CWE-79

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

28 may 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Productos afectados

umbraco · Umbraco.Commerce.Issues

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023 https://github.com/umbraco/Umbraco.Commerce.Issues/security/advisories/GHSA-rpj9-xjwm-wr6w